package kz.nitec.bizbirgemiz.util.security;

import android.content.Context;
import android.content.SharedPreferences;
import android.security.keystore.KeyGenParameterSpec;
import androidx.security.crypto.EncryptedSharedPreferences;
import androidx.security.crypto.MasterKeys;
import com.android.tools.r8.GeneratedOutlineSupport;
import com.google.android.gms.common.internal.Preconditions;
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.DeterministicAead;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.config.TinkConfig;
import com.google.crypto.tink.integration.android.AndroidKeysetManager;
import java.security.KeyStore;
import java.util.Arrays;
import javax.crypto.KeyGenerator;
import kotlin.Lazy;
import kotlin.jvm.functions.Function0;
import kotlin.jvm.internal.Intrinsics;
import kz.nitec.bizbirgemiz.core.App;
import kz.nitec.bizbirgemiz.exception.CwaSecurityException;

/* compiled from: SecurityHelper.kt */
/* loaded from: classes.dex */
public final class SecurityHelper {
    public static final SecurityHelper INSTANCE = new SecurityHelper();
    public static final Lazy globalEncryptedSharedPreferencesInstance$delegate;
    public static final KeyGenParameterSpec keyGenParameterSpec;
    public static final String masterKeyAlias;

    static {
        KeyGenParameterSpec keyGenParameterSpec2 = MasterKeys.AES256_GCM_SPEC;
        Intrinsics.checkExpressionValueIsNotNull(keyGenParameterSpec2, "MasterKeys.AES256_GCM_SPEC");
        keyGenParameterSpec = keyGenParameterSpec2;
        if (keyGenParameterSpec2.getKeySize() != 256) {
            StringBuilder outline19 = GeneratedOutlineSupport.outline19("invalid key size, want 256 bits got ");
            outline19.append(keyGenParameterSpec2.getKeySize());
            outline19.append(" bits");
            throw new IllegalArgumentException(outline19.toString());
        }
        if (!Arrays.equals(keyGenParameterSpec2.getBlockModes(), new String[]{"GCM"})) {
            StringBuilder outline192 = GeneratedOutlineSupport.outline19("invalid block mode, want GCM got ");
            outline192.append(Arrays.toString(keyGenParameterSpec2.getBlockModes()));
            throw new IllegalArgumentException(outline192.toString());
        }
        if (keyGenParameterSpec2.getPurposes() != 3) {
            StringBuilder outline193 = GeneratedOutlineSupport.outline19("invalid purposes mode, want PURPOSE_ENCRYPT | PURPOSE_DECRYPT got ");
            outline193.append(keyGenParameterSpec2.getPurposes());
            throw new IllegalArgumentException(outline193.toString());
        }
        if (!Arrays.equals(keyGenParameterSpec2.getEncryptionPaddings(), new String[]{"NoPadding"})) {
            StringBuilder outline194 = GeneratedOutlineSupport.outline19("invalid padding mode, want NoPadding got ");
            outline194.append(Arrays.toString(keyGenParameterSpec2.getEncryptionPaddings()));
            throw new IllegalArgumentException(outline194.toString());
        }
        if (keyGenParameterSpec2.isUserAuthenticationRequired() && keyGenParameterSpec2.getUserAuthenticationValidityDurationSeconds() < 1) {
            throw new IllegalArgumentException("per-operation authentication is not supported (UserAuthenticationValidityDurationSeconds must be >0)");
        }
        String keystoreAlias = keyGenParameterSpec2.getKeystoreAlias();
        KeyStore keyStore = KeyStore.getInstance("AndroidKeyStore");
        keyStore.load(null);
        if (!keyStore.containsAlias(keystoreAlias)) {
            KeyGenerator keyGenerator = KeyGenerator.getInstance("AES", "AndroidKeyStore");
            keyGenerator.init(keyGenParameterSpec2);
            keyGenerator.generateKey();
        }
        String keystoreAlias2 = keyGenParameterSpec2.getKeystoreAlias();
        Intrinsics.checkExpressionValueIsNotNull(keystoreAlias2, "MasterKeys.getOrCreate(keyGenParameterSpec)");
        masterKeyAlias = keystoreAlias2;
        globalEncryptedSharedPreferencesInstance$delegate = Preconditions.lazy(new Function0<SharedPreferences>() { // from class: kz.nitec.bizbirgemiz.util.security.SecurityHelper$globalEncryptedSharedPreferencesInstance$2
            @Override // kotlin.jvm.functions.Function0
            public SharedPreferences invoke() {
                return (SharedPreferences) SecurityHelper.INSTANCE.withSecurityCatch(new Function0<SharedPreferences>() { // from class: kz.nitec.bizbirgemiz.util.security.SecurityHelper$globalEncryptedSharedPreferencesInstance$2.1
                    @Override // kotlin.jvm.functions.Function0
                    public SharedPreferences invoke() {
                        KeysetHandle keysetHandle;
                        KeysetHandle keysetHandle2;
                        SecurityHelper securityHelper = SecurityHelper.INSTANCE;
                        Context context = App.getContext();
                        String str = SecurityHelper.masterKeyAlias;
                        EncryptedSharedPreferences.PrefKeyEncryptionScheme prefKeyEncryptionScheme = EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV;
                        EncryptedSharedPreferences.PrefValueEncryptionScheme prefValueEncryptionScheme = EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM;
                        TinkConfig.register();
                        AndroidKeysetManager.Builder builder = new AndroidKeysetManager.Builder();
                        builder.keyTemplate = prefKeyEncryptionScheme.mDeterministicAeadKeyTemplate;
                        builder.withSharedPref(context, "__androidx_security_crypto_encrypted_prefs_key_keyset__", "shared_preferences_cwa");
                        String str2 = "android-keystore://" + str;
                        if (!str2.startsWith("android-keystore://")) {
                            throw new IllegalArgumentException("key URI must start with android-keystore://");
                        }
                        builder.masterKeyUri = str2;
                        AndroidKeysetManager androidKeysetManager = new AndroidKeysetManager(builder, null);
                        synchronized (androidKeysetManager) {
                            keysetHandle = androidKeysetManager.keysetManager.getKeysetHandle();
                        }
                        AndroidKeysetManager.Builder builder2 = new AndroidKeysetManager.Builder();
                        builder2.keyTemplate = prefValueEncryptionScheme.mAeadKeyTemplate;
                        builder2.withSharedPref(context, "__androidx_security_crypto_encrypted_prefs_value_keyset__", "shared_preferences_cwa");
                        String str3 = "android-keystore://" + str;
                        if (!str3.startsWith("android-keystore://")) {
                            throw new IllegalArgumentException("key URI must start with android-keystore://");
                        }
                        builder2.masterKeyUri = str3;
                        AndroidKeysetManager androidKeysetManager2 = new AndroidKeysetManager(builder2, null);
                        synchronized (androidKeysetManager2) {
                            keysetHandle2 = androidKeysetManager2.keysetManager.getKeysetHandle();
                        }
                        EncryptedSharedPreferences encryptedSharedPreferences = new EncryptedSharedPreferences("shared_preferences_cwa", str, context.getSharedPreferences("shared_preferences_cwa", 0), (Aead) keysetHandle2.getPrimitive(Aead.class), (DeterministicAead) keysetHandle.getPrimitive(DeterministicAead.class));
                        Intrinsics.checkExpressionValueIsNotNull(encryptedSharedPreferences, "EncryptedSharedPreferenc…heme.AES256_GCM\n        )");
                        return encryptedSharedPreferences;
                    }
                });
            }
        });
    }

    public final SharedPreferences getGlobalEncryptedSharedPreferencesInstance() {
        return (SharedPreferences) globalEncryptedSharedPreferencesInstance$delegate.getValue();
    }

    public final <T> T withSecurityCatch(Function0<? extends T> function0) {
        try {
            return function0.invoke();
        } catch (Exception e) {
            throw new CwaSecurityException(e);
        }
    }
}
